Ras Al Khaimah, 26 February 2018: RAS AL KHAIMAH Chamber has announced receiving the ISO 27001 Information Security Management Systems Certification. The award comes in recognition of the Chamber's efficient information security management systems and operations. The certification provides the basis for an international standard for information security management best practices in several data driven sectors. The certification is yet another evidence for stakeholders and partners highlighting the Chamber's successful track record in implementing effective information management systems coupled with its adoption of global best practices.
Mohamed Hassan Al Sabab, Acting Director General of RAS AL KHAIMAH Chamber, stated that the Chamber is committed to ensuring the security and privacy of customer data. He said, “We have implemented an information management system owing to our firm believe in the need to safeguard information and educate everyone involved in information processing. Our plan is to provide necessary protections for the safety of our customer's data in view of the ever evolving landscape of information security breaches and threats.” He added, “Information security is underpinned by three key elements: people, operations, and technology. Hence, the Chamber has to adhere to the guiding principles put in place to protect private information and data and ensure the safety of customers against all forms of information-related threats.”
For her part, Eiman Al Hayyas, Assistant Director, Supporting and Corporate Services at RAS AL KHAIMAH Chamber, stated that the acquisition of the ISO 27001 Certification was made possible by a collaborative effort among the chamber's divisions. She said, “The collaboration facilitated creating an information management system at the chamber. We also provided training and awareness courses to our staff to raise awareness among them on our information management policies and regulations that must be followed in relation to protecting information privacy.”
Fatima Al Mazrouei, Director of the IT Department at RAS AL KHAIMAH Chamber, said, “A business continuity plan was implemented with the objective of managing disaster, infrastructure and IT disruption incident response at the Chamber. The plan will ensure uninterrupted provision of the Chamber's essential services during and after disaster and disruption incidents. It will also mitigate the risk of further disruptions and limit their potential impact on the Chamber's operations and services.”
The objectives of the Chamber's information management system include protecting all of the Chamber's information and information systems. This includes protecting classified and unclassified information, in accordance with the level of sensitivity of the information and their significance to the Chamber's operation.
Other objectives include safeguarding the Chamber's information against unauthorized disclosure, destruction, or alteration during information collection, processing, broadcasting, storage or distribution to stakeholders; prudent management of all classified and unclassified information systems purchased from third parties or obtained through proprietary efforts and used to achieve the Chamber's vision, support its projects and provide services to customers; maintain such systems and ensure their sustainability throughout their lifecycle; manage all information systems efficiently to deliver intended value in line with risk management and assessment best practices to adequately protect information privacy and integrity and support the Chamber's services throughout the entire information system development and implementation process; undertake scheduled periodic internal audits for all operations related to the information security system and information systems tasked with the collection, analyzing, processing, storage and distribution of the Chamber's information; investigate all information security incidents to find out their root causes and provide corrective remedies and preventive solutions to avert or minimize incidents and limit their impact on the Chamber's activities; continuously monitor information system performance and information system operations to detect any shortcomings in the system performance or identify threats and weak points in information security operations for ongoing improvement; perform regular review of the information management system by senior management to ascertain achievement of objectives and approve any amendments and proposals aimed at improving the system in keeping with the Chamber's operations; ensure that information security polices and requirements are properly implemented across the chamber's divisions and are understood by all staff members, while maintaining regular communication between senior management and staff members on implementing information security policies.